Use SHA256 as the default name algorithm for the TPM2 primary key

This mirrors an analogous change in tpm2-tools
  5900ed818f
and brings us back in line with the internally-documented equivalent
line-up; quoth the above:
> Using SHA1 as the default was a poor choice,
> as the whole point of TPM2.0 was SHA256+ algorithm support.

And the change to the code we butchered from tpm2-tss:
  3c1e7173b3
> Due to the fact that sha1 is outdated and the integration tests are
> often used as an example for developers, the integration tests that
> still use sha1 have been converted to sha256.
наб 2022-12-03 21:32:50 +01:00
parent 023ffc98ae
commit 02195933bc
GPG Key ID: BCFD0B018D2658F1

@ -326,7 +326,7 @@ int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_sessio
// Adapted from tpm2-tss-3.0.1/test/integration/esys-create-primary-hmac.int.c
TPM2B_PUBLIC pub{};
pub.publicArea.type = TPM2_ALG_RSA;
pub.publicArea.nameAlg = TPM2_ALG_SHA1;
pub.publicArea.nameAlg = TPM2_ALG_SHA256;
pub.publicArea.objectAttributes = TPMA_OBJECT_USERWITHAUTH | TPMA_OBJECT_RESTRICTED | TPMA_OBJECT_DECRYPT | TPMA_OBJECT_FIXEDTPM | TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN;
pub.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM2_ALG_AES;
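Review bot: swapping `pub.publicArea.nameAlg` from `TPM2_ALG_SHA1` to `TPM2_ALG_SHA256` inside `tpm2_seal` alters the public template of the primary key, and a TPM derives a primary deterministically from its hierarchy seed plus the entire template, so this is a different primary key, not merely a differently hashed name for the same one. Any dataset sealed before this change was protected by the SHA1-template primary and will not unseal once the unseal path builds the SHA256 template; the commit message does not mention this compatibility break. Please state it there, and consider having the unseal path fall back to the old `TPM2_ALG_SHA1` template for existing sealed data (or provide a resealing step) so that upgraded users are not locked out.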